CVE-2026-33058
MEDIUM WAF: High
CVSS 6.5
Published: 2026-03-18
CWE-89
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| kanboard | kanboard | up to 1.2.51 |
References
- github.com (Exploit, Vendor Advisory)